1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

auth3: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
Volker Lendecke 2018-12-13 21:01:00 +01:00 committed by Andrew Bartlett
parent 59f29acb2c
commit 6af7d7ffda
3 changed files with 31 additions and 19 deletions

View File

@ -607,9 +607,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
if (ids[i].type != ID_TYPE_GID &&
ids[i].type != ID_TYPE_BOTH) {
struct dom_sid_buf buf;
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
sid_string_dbg(&t->sids[i])));
dom_sid_str_buf(&t->sids[i], &buf)));
continue;
}
if (!add_gid_to_array_unique(session_info->unix_token,
@ -1084,10 +1085,11 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx,
ids[i].type != ID_TYPE_BOTH) {
struct security_token *nt_token =
session_info->security_token;
struct dom_sid_buf buf;
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
sid_string_dbg(&nt_token->sids[i])));
dom_sid_str_buf(&nt_token->sids[i], &buf)));
continue;
}

View File

@ -310,13 +310,14 @@ static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
NTSTATUS status;
struct dom_sid new_sid;
uint32_t attributes = rg->groups.rids[i].attributes;
struct dom_sid_buf buf;
sid_compose(&new_sid,
rg->domain_sid,
rg->groups.rids[i].rid);
DEBUG(10, ("Adding SID %s to extra SIDS\n",
sid_string_dbg(&new_sid)));
dom_sid_str_buf(&new_sid, &buf)));
status = append_netr_SidAttr(info3, &info3->sids,
&info3->sidcount,
@ -324,7 +325,7 @@ static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
attributes);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
sid_string_dbg(&new_sid),
dom_sid_str_buf(&new_sid, &buf),
nt_errstr(status)));
return status;
}
@ -431,6 +432,8 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
struct dom_sid *domain_sid,
struct extra_auth_info *extra)
{
struct dom_sid_buf buf;
if (sid_check_is_in_unix_users(user_sid)) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
@ -445,7 +448,7 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
DEBUG(10, ("Unix User found. Rid marked as "
"special and sid (%s) saved as extra sid\n",
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf)));
} else {
sid_copy(domain_sid, user_sid);
sid_split_rid(domain_sid, &info3->base.rid);
@ -471,17 +474,18 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
DEBUG(10, ("Unix Group found. Rid marked as "
"special and sid (%s) saved as extra sid\n",
sid_string_dbg(group_sid)));
dom_sid_str_buf(group_sid, &buf)));
} else {
bool ok = sid_peek_check_rid(domain_sid, group_sid,
&info3->base.primary_gid);
if (!ok) {
struct dom_sid_buf buf2, buf3;
DEBUG(1, ("The primary group domain sid(%s) does not "
"match the domain sid(%s) for %s(%s)\n",
sid_string_dbg(group_sid),
sid_string_dbg(domain_sid),
dom_sid_str_buf(group_sid, &buf),
dom_sid_str_buf(domain_sid, &buf2),
username,
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf3)));
return NT_STATUS_INVALID_SID;
}
}
@ -751,12 +755,14 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
ok = sid_peek_check_rid(&domain_sid, &group_sid,
&info3->base.primary_gid);
if (!ok) {
struct dom_sid_buf buf1, buf2, buf3;
DEBUG(1, ("The primary group domain sid(%s) does not "
"match the domain sid(%s) for %s(%s)\n",
sid_string_dbg(&group_sid),
sid_string_dbg(&domain_sid),
dom_sid_str_buf(&group_sid, &buf1),
dom_sid_str_buf(&domain_sid, &buf2),
unix_username,
sid_string_dbg(&user_sid)));
dom_sid_str_buf(&user_sid, &buf3)));
status = NT_STATUS_INVALID_SID;
goto done;
}

View File

@ -430,9 +430,10 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
int i;
NTSTATUS status;
uint32_t session_info_flags = 0;
struct dom_sid_buf buf;
DEBUG(10, ("Create local NT token for %s\n",
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf)));
if (!(result = talloc_zero(mem_ctx, struct security_token))) {
DEBUG(0, ("talloc failed\n"));
@ -554,8 +555,9 @@ static NTSTATUS add_local_groups(struct security_token *result,
pass = getpwuid_alloc(tmp_ctx, uid);
if (pass == NULL) {
struct dom_sid_buf buf;
DEBUG(1, ("SID %s -> getpwuid(%u) failed\n",
sid_string_dbg(&result->sids[0]),
dom_sid_str_buf(&result->sids[0], &buf),
(unsigned int)uid));
}
}
@ -903,6 +905,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
uint32_t i;
uint32_t high, low;
bool range_ok;
struct dom_sid_buf buf;
if (sid_check_is_in_our_sam(user_sid)) {
bool ret;
@ -922,7 +925,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!ret) {
DEBUG(1, ("pdb_getsampwsid(%s) failed\n",
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf)));
DEBUGADD(1, ("Fall back to unix user\n"));
goto unix_user;
}
@ -932,7 +935,8 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
&pdb_num_group_sids);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("enum_group_memberships failed for %s: "
"%s\n", sid_string_dbg(user_sid),
"%s\n",
dom_sid_str_buf(user_sid, &buf),
nt_errstr(result)));
DEBUGADD(1, ("Fall back to unix uid lookup\n"));
goto unix_user;
@ -995,7 +999,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!sid_to_uid(user_sid, uid)) {
DEBUG(1, ("unix_user case, sid_to_uid for %s failed\n",
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf)));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@ -1050,7 +1054,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
/* We must always assign the *uid. */
if (!sid_to_uid(user_sid, uid)) {
DEBUG(1, ("winbindd case, sid_to_uid for %s failed\n",
sid_string_dbg(user_sid)));
dom_sid_str_buf(user_sid, &buf)));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@ -1075,7 +1079,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!sid_to_gid(&group_sids[0], &gids[0])) {
DEBUG(1, ("sid_to_gid(%s) failed\n",
sid_string_dbg(&group_sids[0])));
dom_sid_str_buf(&group_sids[0], &buf)));
goto done;
}